llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

[clang++ ][crash-on-valid] crash on C-style array creation #112189

Open MuAlphaOmegaEpsilon opened 6 days ago

MuAlphaOmegaEpsilon commented 6 days ago

The following C++ code crashes clang in versions 17, 18 and 19. I think it's a regression from version 16, where it was compiling and running fine. The issue has to do with the added template argument and the fact that 2 different template instantiations are performed: commenting out either foo<0>() or foo<1>() makes it compile fine.

template<unsigned int EXTRA_SPACE>
void foo() { char buffer[sizeof("foo") + EXTRA_SPACE] {"foo"}; }

int main()
{
    foo<0>();
    foo<1>();
}

GCC and MSVC compile and run fine.

This is the output from the example on godbolt.org (https://godbolt.org/z/W6zK9T4e4):

Could not execute the program
Compiler returned: 254
Compiler stderr

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.  Program arguments: /opt/compiler-explorer/clang-19.1.0/bin/clang-19 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir /app/output.s- -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name example.cpp -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -fno-verbose-asm -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debug-info-kind=constructor -dwarf-version=4 -debugger-tuning=gdb -fdebug-compilation-dir=/app -fcoverage-compilation-dir=/app -resource-dir /opt/compiler-explorer/clang-19.1.0/lib/clang/19 -internal-isystem /opt/compiler-explorer/gcc-14.2.0/lib/gcc/x86_64-linux-gnu/14.2.0/../../../../include/c++/14.2.0 -internal-isystem /opt/compiler-explorer/gcc-14.2.0/lib/gcc/x86_64-linux-gnu/14.2.0/../../../../include/c++/14.2.0/x86_64-linux-gnu -internal-isystem /opt/compiler-explorer/gcc-14.2.0/lib/gcc/x86_64-linux-gnu/14.2.0/../../../../include/c++/14.2.0/backward -internal-isystem /opt/compiler-explorer/clang-19.1.0/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /opt/compiler-explorer/gcc-14.2.0/lib/gcc/x86_64-linux-gnu/14.2.0/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcxx-exceptions -fexceptions -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/example-aa284e.o -x c++ <source>
1.  <eof> parser at end of file
2.  Per-file LLVM IR generation
3.  <source>:2:6: Generating code for declaration 'foo'
 #0 0x00000000036fdb08 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x36fdb08)
 #1 0x00000000036fb4ac SignalHandler(int) Signals.cpp:0:0
 #2 0x00007d7fde442520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #3 0x0000000002fa47df llvm::Constant::isNullValue() const (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x2fa47df)
 #4 0x0000000003a04418 (anonymous namespace)::EmitArrayConstant(clang::CodeGen::CodeGenModule&, llvm::ArrayType*, llvm::Type*, unsigned long, llvm::SmallVectorImpl<llvm::Constant*>&, llvm::Constant*) CGExprConstant.cpp:0:0
 #5 0x0000000003a1212f (anonymous namespace)::ConstExprEmitter::EmitArrayInitialization(clang::InitListExpr const*, clang::QualType) (.isra.0) CGExprConstant.cpp:0:0
 #6 0x0000000003a12c8b clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::ConstExprEmitter, llvm::Constant*, clang::QualType>::Visit(clang::Stmt const*, clang::QualType) CGExprConstant.cpp:0:0
 #7 0x0000000003a13df3 clang::CodeGen::ConstantEmitter::tryEmitPrivateForVarInit(clang::VarDecl const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a13df3)
 #8 0x0000000003a13f76 clang::CodeGen::ConstantEmitter::tryEmitAbstractForInitializer(clang::VarDecl const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a13f76)
 #9 0x0000000003e101cf clang::CodeGen::CodeGenFunction::EmitAutoVarInit(clang::CodeGen::CodeGenFunction::AutoVarEmission const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3e101cf)
#10 0x0000000003e1686c clang::CodeGen::CodeGenFunction::EmitVarDecl(clang::VarDecl const&) (.part.0) CGDecl.cpp:0:0
#11 0x0000000003e16938 clang::CodeGen::CodeGenFunction::EmitDecl(clang::Decl const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3e16938)
#12 0x0000000003a2d37f clang::CodeGen::CodeGenFunction::EmitDeclStmt(clang::DeclStmt const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a2d37f)
#13 0x0000000003a415aa clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a415aa)
#14 0x0000000003a3a472 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a3a472)
#15 0x0000000003a41059 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3a41059)
#16 0x0000000003aa74aa clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3aa74aa)
#17 0x0000000003ab4478 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3ab4478)
#18 0x0000000003b0d86b clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3b0d86b)
#19 0x0000000003b09595 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3b09595)
#20 0x0000000003b141b1 clang::CodeGen::CodeGenModule::EmitDeferred() (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3b141b1)
#21 0x0000000003b16153 clang::CodeGen::CodeGenModule::Release() (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3b16153)
#22 0x0000000003fd013e (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) ModuleBuilder.cpp:0:0
#23 0x0000000003fcde35 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3fcde35)
#24 0x0000000005f1899c clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x5f1899c)
#25 0x0000000003fce825 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x3fce825)
#26 0x0000000004274201 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x4274201)
#27 0x00000000041f699b clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x41f699b)
#28 0x000000000435a843 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0x435a843)
#29 0x0000000000c874dc cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0xc874dc)
#30 0x0000000000c8146d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#31 0x0000000000c8466f clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0xc8466f)
#32 0x0000000000b5c2d4 main (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0xb5c2d4)
#33 0x00007d7fde429d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#34 0x00007d7fde429e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#35 0x0000000000c80f0e _start (/opt/compiler-explorer/clang-19.1.0/bin/clang-19+0xc80f0e)
clang++: error: unable to execute command: Segmentation fault (core dumped)
clang++: error: clang frontend command failed due to signal (use -v to see invocation)
llvmbot commented 6 days ago

@llvm/issue-subscribers-clang-codegen

Author: Tommaso Bonvicini (MuAlphaOmegaEpsilon)

shafik commented 6 days ago

If we change this to: https://godbolt.org/z/3ne4K13Wj

  foo<10>();
  foo<1>();

The diagnostic is intriguing:

<source>:2:56: error: initializer-string for char array is too long, array size is 5 but initializer has size 14 (including the null terminating character)
    2 | void foo() { char buffer[sizeof("foo") + EXTRA_SPACE] {"foo"}; }
      |                                                        ^~~~~
<source>:6:5: note: in instantiation of function template specialization 'foo<1U>' requested here
    6 |     foo<1>();
      |     ^
1 error generated.
Compiler returned: 1
MuAlphaOmegaEpsilon commented 6 days ago

@shafik yeah I know, I stumbled upon that first during my experiments, then I got the crash when trying to shrink those down for the bug report and decided to post the latter due to the added stack trace.

If you change EXTRA_SPACE you will see the size reported in the diagnostic change too!

shafik commented 6 days ago

@awson does this PR fix this: https://github.com/llvm/llvm-project/pull/96464

awson commented 5 days ago

> @awson does this PR fix this: #96464

Unfortunately, no. Absolutely no difference — the same crash, the same diagnostics.

awson commented 5 days ago

> If we change this to: https://godbolt.org/z/3ne4K13Wj
>
>   foo<10>();
>   foo<1>();
>
> The diagnostic is intriguing:
>
> <source>:2:56: error: initializer-string for char array is too long, array size is 5 but initializer has size 14 (including the null terminating character)
>     2 | void foo() { char buffer[sizeof("foo") + EXTRA_SPACE] {"foo"}; }
>       |                                                        ^~~~~
> <source>:6:5: note: in instantiation of function template specialization 'foo<1U>' requested here
>     6 |     foo<1>();
>       |     ^
> 1 error generated.
> Compiler returned: 1

I've looked into this; it seems things are borked from the very inception (clang 3.8).

Strangely, https://godbolt.org/z/hr6hvqz38 wants clang 6.0.0 to compile this (and barf on the too-long initializer); on my Windows desktop 3.8 is enough.
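The sizes in shafik's diagnostic line up with the two instantiations: 5 is sizeof("foo") + 1 and 14 is sizeof("foo") + 10, so the check for foo<1> is being run against an initializer sized for foo<10>. Until the fix lands, the pattern in the original reproducer (brace-initialising a char array whose bound depends on a template parameter from a string literal) can be avoided without giving up the intended layout. The following is an added example, not code from the issue or from LLVM: it zero-initialises the array and copies the literal with std::memcpy, and it pins the bound of every instantiation with static_asserts so that a miscomputed size would fail the build instead of compiling into an undersized buffer. The names SizedBuffer, make_buffer, foo_size and buffer_is_well_formed are hypothetical names chosen for this example.

```cpp
#include <cstddef>
#include <cstring>

// Added example (not from the issue or from LLVM): the reporter's buffer
// pattern rewritten so that the dependent-size char array is never
// brace-initialised from a string literal.  All names are hypothetical.

template <unsigned EXTRA_SPACE>
struct SizedBuffer {
    // sizeof("foo") is 4 (three characters plus the NUL), so the array holds
    // "foo" plus EXTRA_SPACE spare bytes, exactly as in the original foo().
    static constexpr std::size_t capacity = sizeof("foo") + EXTRA_SPACE;
    char data[capacity];
};

// Size reserved by a given instantiation, i.e. the bound that the crashing
// code path was computing (4 for EXTRA_SPACE == 0, 5 for 1, 14 for 10).
template <unsigned EXTRA_SPACE>
constexpr std::size_t foo_size() {
    return SizedBuffer<EXTRA_SPACE>::capacity;
}

// Build the buffer for one instantiation: zero-fill it, then copy the
// literal (including its NUL).  The static_asserts check the bound of this
// instantiation on its own, independent of any other instantiation.
template <unsigned EXTRA_SPACE>
SizedBuffer<EXTRA_SPACE> make_buffer() {
    SizedBuffer<EXTRA_SPACE> buf{};   // value-initialised: every byte is zero
    static_assert(sizeof(buf.data) == sizeof("foo") + EXTRA_SPACE,
                  "array bound must follow this instantiation's argument");
    static_assert(sizeof("foo") <= sizeof(buf.data),
                  "literal, including its NUL, must fit in the array");
    std::memcpy(buf.data, "foo", sizeof("foo"));
    return buf;
}

// Runtime check of the layout: "foo", its NUL, then only zero bytes up to
// the end of the array.
template <unsigned EXTRA_SPACE>
bool buffer_is_well_formed(const SizedBuffer<EXTRA_SPACE>& buf) {
    if (std::strcmp(buf.data, "foo") != 0)
        return false;
    for (std::size_t i = sizeof("foo"); i < buf.capacity; ++i)
        if (buf.data[i] != '\0')
            return false;
    return true;
}

int main() {
    // Same three instantiations that appear in the thread (0, 1 and 10).
    const bool ok = buffer_is_well_formed(make_buffer<0>())
                 && buffer_is_well_formed(make_buffer<1>())
                 && buffer_is_well_formed(make_buffer<10>());
    return ok ? 0 : 1;
}
```

The memcpy form does not go through ConstExprEmitter::EmitArrayInitialization for the literal, which is the frame the stack trace shows just above the faulting llvm::Constant::isNullValue(), and the static_asserts turn the "array size is 5 but initializer has size 14" situation into a hard compile error in any compiler that gets the bound wrong without crashing.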